Commit cd267272 authored by David Goulet's avatar David Goulet
Browse files

Add Data Retention section to chat.html

Signed-off-by: default avatarDavid Goulet <>
parent 3937cdc6
......@@ -58,7 +58,7 @@
<p> offers a free and secure <a href="" target="_blank">Jabber</a> service that anyone can use by registering an account through your favorite chat client.</p>
<h4><p class="indent">&#x279b;</p></h4>
<p>Also possible to connect through our <a href="" target="_blank">Tor hidden service</a>:</p>
<p>It is also possible to connect through our <a href="" target="_blank">Tor hidden service</a>:</p>
<h4><p class="indent">&#x279b; 5rgdtlawqkcplz75.onion</p></h4>
<p>In order to configure a <a href="" target="_blank">Jabber client</a>, you need this information:</p>
......@@ -78,12 +78,62 @@
target="_blank">results</a> from the IM Observatory.</p>
<p>Finally, this server has a special quirk. It forces
communication to be OTR encrypted thus cleartext message between
communication to be OTR encrypted, thus cleartext messages between
clients is impossible. With the help of
<a href="" target="_blank">Riseup</a>, we have developed a
prosody <a href="" target="_blank">plugin</a> to
achieve mandatory OTR communication.
<h2 class="subtitle">Data Retention</h2>
This section details what data can see and can not see
on this Jabber server.
First of all, this server is setup with
<a href="">full disk encryption</a>
(FDE) so all that we store is only on an encrypted
disk. We use a
<a href="">LUKS</a>
device for this. Secondly, logging is completely disabled on
the Jabber server, even error logs.
In case of a seizure, if the server is powered off, the FDE
will protect all data. If the server is kept online, see the
<i>What we can see?</i> section below.
<h3>What we CAN see?</h3>
<li>Your username and <code>SHA1</code> hash of the
password are stored on the server.</li>
<li><a href="">vCard</a>
if you supply one.</li>
<li>Your IP address. To avoid this, use our Tor hidden
<li>Offline messages.</li>
<li>OTR body. (<strong>never</strong> plaintext)</li>
<li>Destination contact address.</li>
<li>Timestamp of the message.</li>
<li>Your roster. For each contact:</li>
<li>Jabber address (ex: <code></code>)</li>
<li>Name of the contact (if set)</li>
<li>Group (if any)</li>
<h3>What we DO NOT see?</h3>
<li>Message content. Mandatory OTR makes it that we can't
read content.</li>
<li>No logs thus nothing our prosody server could usually
tell us.</li>
<li>We don't keep any timing metadata such as when you
connect or disconnect.</li>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment